There has been a great deal occurring in regard to state legislation addressing data security. First, I would like to thank Konica Minolta and Toshiba for making knowledgeable individuals available to explain to legislators the facts regarding document retention on hard drives. To date, there has not been a single instance discovered where data on a hard drive of a digital copier, printer, fax or scanner caused a breach of confidential information.

Not one legislator has received a constituent complaint, with all proposed legislation resulting from the CBS report. There is a new bill that has been introduced in Colorado, adding that state to New Jersey, Florida, Arizona, Oregon and Washington, all with pending legislation. Colorado State Representative Dan Pabon, (D-Denver) has introduced Colorado House Bill 1225 to safeguard private data with a requirement that a "commercial entity that holds the personal information has been audited by a qualified information technology auditor and found to be implementing best practices and meeting information technology security standards" and the "qualified technology auditor" employed by that company be certified by "the state's chief information officer" as qualified to act as a data security auditor. This legislation would create an entire industry in Colorado to certify and audit security standards. The Business Technology Association will monitor the progress of this measure.

Model legislative language is being developed in those instances that legislation will be pursued by sponsors despite efforts showing it is not necessary. For legislative purposes, the following definition of a "Digital Copy Machine" has been drafted. Your comments are welcome:

A digital copy machine means a business machine that, as a primary purpose, uses a digital process and hard drive to produce and retain an immediate duplicate of an original document and does not include any other machine or equipment to which the digital copy machine is connected.

On Feb. 9, 2011, the Business Technology Association and Chris Biello of Konica Minolta, along with the Equipment Leasing and Finance Association (ELFA) and the Information Technology Industry Council (ITI), met with New Jersey State Senator Bob Smith (D-Piscataway) in his district office. Discussion centered on his introduction of Senate Bill 2153 requiring the destruction of records on digital copy machines.

A similar bill has already passed the House of Representatives in New Jersey. After reviewing existing security features on copiers, the ways in which data can be stored to hard drives, as well as Federal Trade Commission (FTC) and New Jersey attorney general efforts to address the issue, Senator Smith asked those present to develop recommendations for refocusing his bill to educate end users. Public service announcements were suggested. Smith was pleased with the efforts that had been taken by the industry. He was grateful for the factual corrections to the CBS report. Smith requested we meet with Senator Linda Greenstein (D-Mercer/Middlesex) who had introduced the legislation in the House prior to being elected to the Senate. The New Jersey legislation will now focus on education of end users. BTA is working to draft an appropriate resolution, conduct a meeting with Senator Greenstein and follow-up with the New Jersey attorney general.

On Feb. 15, 2011, the Business Technology Association, along with the Equipment Leasing and Finance Association (ELFA), the Associated Industries of Florida, the Florida Chamber of Commerce and the Florida Bankers Association met in Tallahassee, Fla., with Representative Eddy Gonzalez (R-Hialeah Gardens) in regard to Florida House Bill 551. This legislation requires cleansing and warning labels for copy machines, scanners, facsimile and printing equipment. Representative Gonzalez was informed of the steps taken by the industry, the factual inaccuracies of the CBS Report and the approach taken by Congress and the Federal Trade Commission.

The Florida Bill was a result of an educational course Gonzalez was conducting for a junior high school. As in New Jersey, Gonzalez did not feel legislation was required and will concentrate on an educational effort. Public service announcements were suggested andGonzalez thought both Spanish and English versions would be appropriate. The group also offered to meet with the junior high students and review the CBS Report, the facts and the industry steps being taken to protect confidential information. Gonzalez indicated the Florida legislation would be withdrawn.

On Feb. 21, 2011, the Business Technology Association, along with the Equipment Leasing and Finance Association (ELFA), Arizona Bankers Association, Arizona Retailers and others will meet with Representative Bob Robson (D-Chandler) to review proposed amendments to Arizona House Bill 2244. This is the second meeting with Robson, the first attended by BTA through Alan Lang of Toshiba. Robson is anxious to be the first elected official to pass legislation regarding data security, hoping his bill becomes a model for other states. Efforts will be made for Robson to pursue the education course, however this may be difficult. The amendments drafted place the cleansing burden on the entity that stored the information. The scope of the law is digital copy machines with a hard drive. A report on the meeting with Robson will follow.

The Oregon House Bill 2938 covers "public bodies" and entities that that offer copies for a fee to take steps to protect confidential information and cleanse hard drives. The Washington House Bill 1216 applies only to public agencies. At this point in BTA's efforts the Arizona proposal appears to headed towards legislation, however that is subject to change, approval by the Senate and signature by the governor. It is also likely that additional states will introduce proposals. I will continue to keep you advised.